security { ike { policy ike-dyn-vpn-policy { mode aggressive; proposal-set compatible; pre-shared-key ascii-text "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX"; } } external-interface reth0; } gateway dyn-vpn-local-gw { ike-policy ike-dyn-vpn-policy; dynamic { hostname XXXXXXX; connections-limit 2; ike-user-type group-ike-id; } dead-peer-detection { interval 10; threshold 5; } external-interface reth0.0; xauth access-profile dyn-vpn-access-profile; } } ipsec { policy ipsec-dyn-vpn-policy { perfect-forward-secrecy { keys group2; } proposal-set compatible; } vpn dyn-vpn { ike { gateway dyn-vpn-local-gw; ipsec-policy ipsec-dyn-vpn-policy; } } } dynamic-vpn { access-profile dyn-vpn-access-profile; clients { all { remote-protected-resources { 10.100.0.0/16; } ipsec-vpn dyn-vpn; user { user1; } } } } policies { from-zone untrust to-zone trust { policy dyn-vpn-policy { match { source-address 10.0.8.0/24; destination-address 10.100.0.0/16; application any; } then { permit { tunnel { ipsec-vpn dyn-vpn; } } } } } } } access { profile dyn-vpn-access-profile { authentication-order password; client user1 { firewall-user { password "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXX"; } } address-assignment { pool dyn-vpn-address-pool; } } firewall-authentication { pass-through { default-profile dyn-vpn-access-profile; } web-authentication { default-profile dyn-vpn-access-profile; } } }